Method, program and system for efficiently hashing packet keys into a firewall connection table

Firewall connection table and packet key hashing technology, applied in the field of computer networks. It addresses two problems: the large number of connections that sometimes occur can exceed the storage capacity of the connection table, and computers on private networks (intranets) are susceptible to malicious attacks by hackers.

Inactive Publication Date: 2006-08-24
IBM CORP
AI Technical Summary

Benefits of technology

[0032] One purpose of the present invention is to disclose a new type of hash function that efficiently packs TCP headers and their reflections into a table.

Problems solved by technology

Because of the Internet's openness, computers on private networks (intranets) are susceptible to malicious attacks by hackers.
Because businesses, governments and individuals rely heavily on computers and the Internet, malicious attacks could result in catastrophic economic loss or embarrassment.
If a connection table is to be used as above, then it may happen that the large number of connections sometimes occurring will exceed the storage capacity of the table.
Operation of connection tables can be complicated by the use of Network Address Translation (NAT).

Examples

Embodiment Construction

[0085] FIG. 1 shows a highly simplified network 100 in which the connection table mechanism of the present invention could be implemented within the firewall accelerator within each firewall 108. The Internet or other network 102 connects to Edge devices 104. Each edge device might or might not contain an instance of a firewall 108. Edge devices also connect subnets 106. In turn, two subnets might be connected by a Bridge device 110. A Bridge device might or might not contain an instance of a firewall 108. Because Edge devices, subnets and Bridge devices are well known in the prior art, further discussion of these entities will not be given.

[0086] FIG. 2 shows a block diagram for one embodiment of hardware 200 used with a connection table within a firewall accelerator within a firewall, which is labeled 108 in FIG. 1. Random Access Memory (RAM) 202 stores updates of information as included in the present invention. A Central Processing Unit (CPU) 204 has access to data stored at conf...

Abstract

A method for increasing the capacity of a connection table in a firewall accelerator by means of mapping packets in one session with some common security actions into one table entry. For each of five Network Address Translation (NAT) configurations, a hash function is specified. The hash function takes into account which of four possible arrival types a packet at a firewall accelerator may have. When different arrival types of packets in the same session are processed, two or more arrival types may have the same hash value.
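The capacity gain from giving a header and its reflection the same key can be seen in the simplest case, a firewall with no NAT. The sketch below is an added illustration, not the hash function specified in the patent (which is not reproduced on this page); the CRC32 hash, the table size, the endpoint-ordering rule and all function names are assumptions, and the sample packets are constructed.

```python
import ipaddress
import struct
import zlib

TABLE_SLOTS = 1024  # assumed table size, not taken from the patent
TCP = 6

def directional_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Naive key: field order follows the packet, so each direction differs."""
    return struct.pack("!IHIHB", int(ipaddress.IPv4Address(src_ip)), src_port,
                       int(ipaddress.IPv4Address(dst_ip)), dst_port, proto)

def canonical_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Order the two endpoints numerically so a header and its reflection
    (source and destination swapped) pack to identical bytes."""
    a = (int(ipaddress.IPv4Address(src_ip)), src_port)
    b = (int(ipaddress.IPv4Address(dst_ip)), dst_port)
    lo, hi = sorted((a, b))
    return struct.pack("!IHIHB", lo[0], lo[1], hi[0], hi[1], proto)

def slot(key):
    """Table index for a packed key (CRC32 is a stand-in hash)."""
    return zlib.crc32(key) % TABLE_SLOTS

def entries_used(packets, key_fn):
    """Insert every packet and return how many table entries were created."""
    table = {}
    for pkt in packets:
        key = key_fn(*pkt)
        entry = table.setdefault(key, {"slot": slot(key), "packets": 0})
        entry["packets"] += 1
    return len(table)

# Constructed sample traffic: two TCP sessions, each seen in both directions.
PACKETS = [
    ("10.0.0.5", 40000, "203.0.113.7", 443, TCP),
    ("203.0.113.7", 443, "10.0.0.5", 40000, TCP),
    ("10.0.0.9", 51515, "198.51.100.20", 22, TCP),
    ("198.51.100.20", 22, "10.0.0.9", 51515, TCP),
]

if __name__ == "__main__":
    print("directional entries:", entries_used(PACKETS, directional_key))
    print("canonical entries:  ", entries_used(PACKETS, canonical_key))
```

With NAT in the path the reflected packet carries translated addresses, so simple endpoint ordering no longer matches the two directions; that is the case the abstract's per-configuration hash functions are meant to handle.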

Description

BACKGROUND OF THE INVENTION

[0001] 1. Technical Field

[0002] The present invention relates to computer networks in general and, in particular, to design and operation of firewalls. It includes description of efficient hash functions that map packet header keys into a firewall connection table, thereby increasing the capacity of the table.

[0003] 2. Prior Art

[0004] The worldwide web (WWW) better known as the Internet is fast becoming the premier computer network for communicating both private and public information. The Internet is an open network that can be accessed by anyone using primarily a protocol called TCP/IP (Transmission Control Protocol/Internet Protocol) or other protocols. Because of its openness, computers on private networks (intranets) are susceptible to malicious attacks by hackers. Computers have become the main instrument of communication for business and government agencies. For example, many business and government agencies use computers and computer networks to...

Application Information

IPC: IPC(8): G06F15/16
CPC: H04L29/12009, H04L29/12462, H04L29/12481, H04L45/745, H04L61/255, H04L61/2557, H04L61/00
Inventor: CORL, EVERETT ARTHUR JR.; DAVIS, GORDON TAYLOR; JEFFRIES, CLARK DEBS; PERRIN, STEVEN RICHARD; TAKADA, HIROSHI; THIO, VICTORIA SUE
Owner: IBM CORP